Vulnerability Management, Patch/Configuration Management

Actively exploited Apple zero-day resolved

iPhone 13 Pro with apple logo loading and installing operating system ios 15.5 on the screen close up, new ios 2022 on apple devices sub v. ios 15 for updates

Updates have been issued by Apple for the out-of-bounds write zero-day flaw, tracked as CVE-2025-43300, following its exploitation in an "extremely sophisticated" and highly targeted cyber intrusion, BleepingComputer reports.

Malicious actors could leverage the vulnerability which was discovered within the Image I/O framework and affects several generations of iPhones, iPads, and Macs to crash programs, corrupt data, and enable remote code execution, according to Apple. "An out-of-bounds write issue was addressed with improved bounds checking. Processing a malicious image file may result in memory corruption," said Apple. Organizations and individuals using vulnerable Apple devices have been urged to immediately update to iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. Such an issue marks the sixth actively exploited zero-day bug resolved by Apple so far this year, which matches the total number of abused zero-days fixed by the company last year.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds